<?php
/*
Bitsand - a web-based booking system for LRP events
Copyright (C) 2006 - 2009 The Bitsand Project (http://bitsand.googlecode.com/)

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
*/

//Do not check that user is logged in
$bLoginCheck = False;

include ('inc/inc_head_db.php');

if ($_POST ['btnSubmit'] != '' && CheckReferrer ('register.php')) {
	$sProblem = '';
	$sEmail = SafeEmail ($_POST ['txtEmail']);
	//Check e-mail address is reasonable
	if (!eregi ("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]*)$", $sEmail))
		$sProblem .= htmlentities ($sEmail) . " is not a valid e-mail address<br>\n";
	//Generate password
	$sNewPass = '';
	//New password length will be up to 2x as long as minimum length specified in config file
	$iLen = rand (MIN_PASS_LEN, MIN_PASS_LEN * 2);
	for ($iPos = 1; $iPos <= $iLen; $iPos++)
		switch (rand (1, 3)) {
			case 1:
				$sNewPass .= chr (rand (48, 57));
				break;
			case 2:
				$sNewPass .= chr (rand (65, 90));
				break;
			case 3:
				$sNewPass .= chr (rand (97, 122));
				break;
		}
	//Get salted hash of new password
	$sHashPass = sha1 ($sNewPass . PW_SALT);
	//Check e-mail address is not already registered
	$sql = "SELECT plEmail FROM " . DB_PREFIX . "players WHERE plEmail " .
		"LIKE '" . ba_db_real_escape_string ($link, $sEmail) . "'";
	$result = ba_db_query ($link, $sql);
	if (ba_db_num_rows ($result) > 0)
		$sProblem .= "The e-mail address " . htmlentities ($sEmail) . " is already registered<br>\n";
	//If there are no problems, register user
	if ($sProblem == '') {
		//Set up INSERT SQL query
		$sql = "INSERT INTO " . DB_PREFIX . "players (plEmail, plPassword) VALUES ('" .
			ba_db_real_escape_string ($link, $sEmail) . "', '$sHashPass')";
		//Run query
		ba_db_query ($link, $sql);
		//E-mail user
		$sBody = "You are now registered at " . SYSTEM_NAME . ". " .
			"You can use the following details to log in:\n\n" .
			"E-mail: $sEmail\nPassword: $sNewPass\n\n" .
			"Once you are logged in, you will be able to change your password to something else.\n\n" . fnSystemURL ();
		mail ($sEmail, SYSTEM_NAME . ' - registered', $sBody, "From:" . SYSTEM_NAME . " <" . EVENT_CONTACT_MAIL . ">");
		//Make up URL & redirect to index.php with message
		$sURL = fnSystemURL () . 'index.php' . '?green=' . urlencode ('Registration successful. Please check your e-mail, and use the supplied password to log in');
		header ("Location: $sURL");
	}
}

include ('inc/inc_head_html.php');
?>

<h1><?php echo TITLE?> - Register</h1>

<p>
To register, enter your e-mail address below, then click <b>Register</b>. A randomly-generated password will be e-mailed to you, and you will then be able to use your e-mail address and the password to log in. If you do not get the e-mail, check your Junk/Spam folder - it may have been marked as spam (this appears to be particularly common with web-based e-mail services)<br>
<i>Note that because a password will be e-mailed to you, you must supply a valid e-mail address</i>.
</p>

<?php
//Report any problems
if ($sProblem != '')
	echo "<p class = 'warn'>$sProblem</p>\n";
?>

<form action = 'register.php' method = 'post' onsubmit = 'return fnCheck ()'>
<table class = 'blockmid'>
<tr>
<td>E-mail address:</td>
<td><input name = 'txtEmail' class = 'text'></td>
</tr><tr>
<td colspan = '2'>
Please ensure that you have read and understood the <a href = "terms.php">terms &amp; conditions</a>
</td>
</tr><tr>
<td colspan = '2' class = 'mid'><input type = 'submit' name = 'btnSubmit' value = 'Register'>&nbsp;
<input type = 'reset'></td>
</tr>
</table>
</form>

<p>
Already registered? <a href = "index.php">Login</a><br>
Forgotten your password? <a href = "retrieve.php">Get a new password</a><br>
</p>

<?php
include ('inc/inc_foot.php');
?>
